summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kubernetes/common/roles-wrapper/templates/role.yaml16
-rw-r--r--kubernetes/common/timescaledb/templates/statefulset.yaml17
-rw-r--r--kubernetes/common/timescaledb/values.yaml45
-rw-r--r--kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl1
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml8
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml4
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml4
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml8
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml8
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-prh/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml4
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml7
-rw-r--r--kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/values.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml3
-rwxr-xr-xkubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml5
-rw-r--r--kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml5
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml8
-rw-r--r--kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml8
-rw-r--r--kubernetes/dcaegen2/values.yaml2
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml5
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties2
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml8
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/values.yaml46
-rw-r--r--kubernetes/platform/components/oom-cert-service/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml22
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/requirements.yaml31
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml79
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml103
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml38
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml131
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml21
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml21
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml154
-rwxr-xr-xkubernetes/policy/requirements.yaml4
-rwxr-xr-xkubernetes/policy/resources/config/db.sh3
-rwxr-xr-xkubernetes/policy/values.yaml18
-rw-r--r--kubernetes/sdc/components/sdc-be/values.yaml4
-rw-r--r--kubernetes/sdc/components/sdc-cs/values.yaml4
-rw-r--r--kubernetes/sdc/components/sdc-fe/values.yaml2
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/values.yaml4
94 files changed, 998 insertions, 86 deletions
diff --git a/kubernetes/common/roles-wrapper/templates/role.yaml b/kubernetes/common/roles-wrapper/templates/role.yaml
index e2a84b4151..0be6c7bbd6 100644
--- a/kubernetes/common/roles-wrapper/templates/role.yaml
+++ b/kubernetes/common/roles-wrapper/templates/role.yaml
@@ -32,6 +32,7 @@ rules:
resources:
- pods
- deployments
+ - deployments/status
- jobs
- jobs/status
- statefulsets
@@ -52,6 +53,7 @@ rules:
resources:
- pods
- deployments
+ - deployments/status
- jobs
- jobs/status
- statefulsets
@@ -59,6 +61,7 @@ rules:
- replicasets/status
- daemonsets
- secrets
+ - services
verbs:
- get
- watch
@@ -68,6 +71,7 @@ rules:
- apps
resources:
- statefulsets
+ - configmaps
verbs:
- patch
- apiGroups:
@@ -76,6 +80,8 @@ rules:
resources:
- deployments
- secrets
+ - services
+ - pods
verbs:
- create
- apiGroups:
@@ -85,7 +91,8 @@ rules:
- pods
- persistentvolumeclaims
- secrets
- - deployment
+ - deployments
+ - services
verbs:
- delete
- apiGroups:
@@ -95,6 +102,13 @@ rules:
- pods/exec
verbs:
- create
+- apiGroups:
+ - cert-manager.io
+ resources:
+ - certificates
+ verbs:
+ - create
+ - delete
{{- else }}
# if you don't match read or create, then you're not allowed to use API
# except to see basic information about yourself
diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml
index 435c925eb2..0bd7d30478 100644
--- a/kubernetes/common/timescaledb/templates/statefulset.yaml
+++ b/kubernetes/common/timescaledb/templates/statefulset.yaml
@@ -29,25 +29,10 @@ spec:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
- initContainers:
- - name: chowm-mount-path
- command:
- - /bin/sh
- args:
- - -c
- - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} /var/lib/postgresql/data
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /var/lib/postgresql/data
- name: {{ include "common.fullname" . }}
+ {{ include "common.podSecurityContext" . | indent 10 | trim}}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
imagePullPolicy: {{ .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
livenessProbe:
diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml
index 55acd92847..258f516ff0 100644
--- a/kubernetes/common/timescaledb/values.yaml
+++ b/kubernetes/common/timescaledb/values.yaml
@@ -37,30 +37,45 @@ serviceAccount:
roles:
- read
-podSecurityContext: {}
- # fsGroup: 2000
-
securityContext:
# Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group)
- runAsUser: 70
- runAsGroup: 70
+ user_id: 70
+ group_id: 70
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
+flavor: small
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
resources:
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- limits:
- cpu: 0.5
- memory: 256Mi
- requests:
- cpu: 20m
- memory: 256Mi
+ small:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 90Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
nodeSelector: {}
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index 6be03de27b..dd0bf4bd48 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -432,6 +432,7 @@ spec:
{{- end }}
{{- end }}
hostname: {{ include "common.name" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- configMap:
defaultMode: 420
diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml
index c6804b76b4..e267e8931a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml
@@ -27,4 +27,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml
index 9815bf7ed6..572e812cf3 100644
--- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml
@@ -199,3 +199,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-bbs-eventprocessor-ms
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml
index 9f1600ead3..540013e1db 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml
@@ -30,4 +30,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
index be7620733b..2342470877 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
@@ -148,7 +148,7 @@ applicationConfig:
drFeedConfig:
- feedName: bulk_pm_feed
owner: dcaecm
- feedVersion: 0.0
+ feedVersion: "0.0"
asprClassification: unclassified
feedDescription: DFC Feed Creation
@@ -184,3 +184,9 @@ resources:
cpu: 1
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-datafile-collector
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml
index 8e53236787..6412c80d48 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml
@@ -28,3 +28,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml
index faff44cc56..0553b52265 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml
@@ -116,3 +116,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-datalake-admin-ui
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml
index 34fe22ee16..e0ac99dc5c 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml
@@ -28,4 +28,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
-
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml
index bc5fe3b88c..9373e8256a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml
@@ -146,3 +146,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-datalake-des
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml
index 5ef187132e..fded2cee84 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml
@@ -31,4 +31,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
-
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml
index 56017b7e5c..2452dc8a18 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml
@@ -173,3 +173,9 @@ postgres:
pgUserName: datalake
pgDatabase: datalake
pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-datalake-feeder
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml
index 680c0d6711..ebfdcdb08c 100644
--- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml
@@ -30,4 +30,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
index 8847f298e8..bbf815d658 100644
--- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
@@ -190,3 +190,9 @@ postgres:
pgUserName: heartbeat
pgDatabase: heartbeat
pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-heartbeat
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml
index d45745404d..9a2dc1aa29 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml
@@ -30,3 +30,6 @@ dependencies:
- name: certManagerCertificate
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
index 07b10614a8..650ec03920 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
@@ -199,3 +199,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-hv-ves-collector
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml
index 6b37d363b6..4239867c35 100644
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml
@@ -28,5 +28,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
-
-
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
index 802c830005..5d8c6d59eb 100644
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
@@ -159,3 +159,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-kpi-ms
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml
index 0697ceb1d6..3762a2acea 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
index aa6af35c5e..8ec60a7bd1 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
@@ -65,3 +65,8 @@ resources:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ms-healthcheck
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml
index 5e1b36e493..c39c2092ed 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml
@@ -27,4 +27,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: 'file://../../common/dcaegen2-services-common' \ No newline at end of file
+ repository: 'file://../../common/dcaegen2-services-common'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
index 0dff427f49..caae1c319e 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
@@ -160,7 +160,7 @@ applicationConfig:
drFeedConfig:
- feedName: bulk_pm_feed
owner: dcaecm
- feedVersion: 0.0
+ feedVersion: "0.0"
asprClassification: unclassified
feedDescription: DFC Feed Creation
@@ -216,3 +216,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-pm-mapper
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml
index 4dfc837bf8..44c366438c 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml
@@ -31,3 +31,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
index 512bd2643a..b9005f01b8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
@@ -192,4 +192,10 @@ postgres:
config:
pgUserName: pmsh
pgDatabase: pmsh
- pgUserExternalSecret: *pgUserCredsSecretName \ No newline at end of file
+ pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-pmsh
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml
index 80e79fe28e..37ffafe9ce 100644
--- a/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml
@@ -26,3 +26,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
index c7d4c1d82f..a7f62912b1 100644
--- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
@@ -168,3 +168,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-prh
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml
index c6804b76b4..e267e8931a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml
@@ -27,4 +27,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
index 789a807d63..ad29e33a90 100644
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
@@ -159,3 +159,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-restconf-collector
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml
index 9cab8e92e6..c6ccf13b56 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml
@@ -31,4 +31,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
-
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
index 5974d80e81..3300306668 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
@@ -210,3 +210,9 @@ postgres:
pgUserName: sliceanalysisms
pgDatabase: sliceanalysisms
pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-slice-analysis-ms
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml
index c6804b76b4..e267e8931a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml
@@ -27,4 +27,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml
index 60295b972a..266da24f7a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml
@@ -145,3 +145,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-snmptrap-collector
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml
index 3f52d6fce8..907f8f3d26 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml
@@ -31,3 +31,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
index a0ab079e1d..420814f6c2 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
@@ -242,3 +242,9 @@ postgres:
pgUserName: sonhms
pgDatabase: sonhms
pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-son-handler
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml
index 02a2a674c3..b1d9fb2332 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml
@@ -26,3 +26,9 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
index 778f6c94ed..e7707dcdb0 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
@@ -162,3 +162,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-tcagen2
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml
index d45745404d..9a2dc1aa29 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml
@@ -30,3 +30,6 @@ dependencies:
- name: certManagerCertificate
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
index bfea92aeb9..f863ff8641 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
@@ -200,3 +200,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ves-collector
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml
index c6804b76b4..e267e8931a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml
@@ -27,4 +27,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml
index 7bde2e99fb..a7186a4d98 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml
@@ -189,3 +189,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ves-mapper
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
index 353f4eaccb..b6eeb5bb45 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
@@ -32,3 +32,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
index d95883ab09..4addb2b863 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
@@ -136,6 +136,7 @@ spec:
value: {{ .Values.dcae_ns | default "" }}
- name: ONAP_NAMESPACE
value: {{ include "common.namespace" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-dcae-inputs-input
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index f3e6c29d53..b012ee4942 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -137,3 +137,9 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "onap"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-bootstrap
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml
index 413f997905..877839e40a 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: cmpv2Config
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
index 204a3e27d7..f5fc9cac30 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
@@ -169,6 +169,7 @@ spec:
readOnly: true
securityContext:
privileged: True
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
index e6567d9ac2..17ba5ec71e 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
@@ -127,3 +127,10 @@ persistence:
mountPath: /dockerdata-nfs
mountSubPath: dcae-cm/data
volumeReclaimPolicy: Retain
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-cloudify-manager
+ roles:
+ - create
+
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml
index be5f059ed9..f2c5b021ba 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
index 65d0b36927..c7e1d70030 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
@@ -167,6 +167,7 @@ spec:
- name: {{ include "common.fullname" . }}-logs-i
mountPath: /var/log/onap/config-binding-service
{{ end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-fb-conf
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
index 1d421427c3..719e73f43c 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
@@ -91,3 +91,9 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-config-binding-service
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml
index 2fe847961d..8759678489 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
index e93f8d8fb9..dbb6c67580 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
@@ -161,6 +161,7 @@ spec:
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
index 6640f78e9a..a083b519d6 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
@@ -119,3 +119,9 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-dashboard
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml
index f19e4127c8..78bcd76a6d 100644
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
index 1b39dc6e2f..1ad42e02b2 100755
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
@@ -154,6 +154,7 @@ spec:
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
index fc4d07d39d..3435462c1d 100644
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
@@ -91,3 +91,8 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+serviceAccount:
+ nameOverride: dcae-deployment-handler
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml
index 0697ceb1d6..3762a2acea 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml
index 9514f41b86..641dfdf926 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml
@@ -74,6 +74,7 @@ spec:
value: {{ include "common.release" . }}
- name: DEPLOY_LABEL
value: cfydeployment
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-expected-components
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
index 221e579943..1c6cff0657 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
@@ -67,3 +67,8 @@ resources:
# If empty, use the common namespace
# dcae_ns: "onap"
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-healthcheck
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml
index 63ac56cca4..32d8b5b035 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
index d25d63c361..7c3746a0a3 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
@@ -152,6 +152,7 @@ spec:
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
index 1bc13efc55..fe39269c27 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
@@ -110,3 +110,9 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-inventory-api
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml
index f19e4127c8..78bcd76a6d 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
index 916c5f673f..b8c24355e6 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
@@ -145,6 +145,7 @@ spec:
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
index 8f6a1a7da9..00ce47b451 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
@@ -92,3 +92,9 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-policy-handler
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml
index be5f059ed9..f2c5b021ba 100644
--- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml
index 7c55628f25..6c4e695228 100644
--- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml
@@ -106,6 +106,7 @@ spec:
value: "/opt/cert/cacert.pem"
- name: SCH_ARGS
value: "prod /opt/config.json"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-sch-config
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml
index c363626666..8686db49ba 100644
--- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml
@@ -85,4 +85,10 @@ resources:
unlimited: {}
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
-# dcae_ns: "dcae" \ No newline at end of file
+# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-servicechange-handler
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml
index 16f38f80a8..9a3009ddec 100644
--- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: readinessCheck
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml
index f2826a77a0..1c6e3593ac 100644
--- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml
@@ -52,6 +52,7 @@ spec:
volumeMounts:
- name: schema-map
mountPath: {{ .Values.schemaMap.directory }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: schema-map
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml
index 2209feb729..873579ee97 100644
--- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml
@@ -64,4 +64,10 @@ resources:
requests:
cpu: 1
memory: 1Gi
- unlimited: {} \ No newline at end of file
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ves-openapi-manager
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml
index f82b410e1b..17b077b987 100644
--- a/kubernetes/dcaegen2/values.yaml
+++ b/kubernetes/dcaegen2/values.yaml
@@ -68,4 +68,4 @@ dcae-policy-handler:
dcae-servicechange-handler:
enabled: true
dcae-ves-openapi-manager:
- enabled: true \ No newline at end of file
+ enabled: true
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml
index 65867f50af..3c25c94388 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml
@@ -23,7 +23,10 @@ dependencies:
version: ~8.x-0
repository: '@local'
- name: mariadb-galera
- alias: mariadb
+ version: ~8.x-0
+ repository: '@local'
+ condition: global.mariadbGalera.localCluster
+ - name: mariadb-init
version: ~8.x-0
repository: '@local'
- name: certInitializer
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
index a7472383e2..18ab41982a 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
@@ -42,7 +42,7 @@ org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false
# Database access
org.onap.dmaap.datarouter.db.driver = org.mariadb.jdbc.Driver
-org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/{{.Values.mariadb.db.name}}
+org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{index .Values "mariadb-galera" "db" "name"}}
org.onap.dmaap.datarouter.db.login = ${DB_USERNAME}
org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
index 61678961cc..a3051eee5d 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
@@ -42,8 +42,8 @@ spec:
command:
- /app/ready.py
args:
- - --container-name
- - {{ .Values.config.dmaapDrDb.mariadbContName }}
+ - --job-name
+ - {{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job
env:
- name: NAMESPACE
valueFrom:
@@ -81,9 +81,9 @@ spec:
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "login") | indent 12 }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "password") | indent 12 }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
index 7564ccfc78..cf25468fe1 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
@@ -19,17 +19,23 @@ global:
nodePortPrefix: 302
loggingDirectory: /opt/app/datartr/logs
persistence: {}
+ mariadbGalera: &mariadbGalera
+ #This flag allows DMAAP-DR to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: dmaap-dr-db-user-secret
- name: &dbSecretName '{{ include "common.release" . }}-dmaap-dr-db-user-secret'
+ - name: &dbUserSecretName '{{ include "common.release" . }}-dmaap-dr-db-user-credentials'
+ uid: 'dmaap-dr-db-user-credentials'
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.dmaapDrDb.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.dmaapDrDb.userName }}'
- password: '{{ .Values.config.dmaapDrDb.userPassword }}'
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "dmaap-dr-db-user-credentials" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "db" "user" }}'
+ password: '{{ index .Values "mariadb-galera" "db" "password" }}'
#################################################################
# Application configuration defaults.
@@ -92,31 +98,29 @@ config:
# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
logLevel: "INFO"
- # dr-prov db configuration
- dmaapDrDb:
- mariadbServiceName: dmaap-dr-db
- mariadbServicePort: 3306
- mariadbContName: &dmaap-dr-db dmaap-dr-db
- userName: datarouter
-# userPassword: password
-# userCredentialsExternalSecret: some secret
-
# mariadb-galera configuration
-mariadb:
- name: *dmaap-dr-db
- nameOverride: *dmaap-dr-db
+mariadb-galera:
+ nameOverride: &dbServer dmaap-dr-db
replicaCount: 1
db:
- externalSecret: *dbSecretName
- name: datarouter
+ name: &mysqlDbName datarouter
+ user: datarouter
+ # password:
+ externalSecret: *dbUserSecretName
service:
- name: dmaap-dr-db
+ name: *dbServer
nfsprovisionerPrefix: dmaap-dr-db
persistence:
size: 1Gi
mountSubPath: data-router/dr-db-data
serviceAccount:
- nameOverride: *dmaap-dr-db
+ nameOverride: *dbServer
+
+mariadb-init:
+ config:
+ userCredentialsExternalSecret: *dbUserSecretName
+ mysqlDatabase: *mysqlDbName
+ nameOverride: dmaap-dr-mariadb-init
#################################################################
# AAF part
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index fbd545c12e..6cabde79da 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -79,7 +79,7 @@ tls:
selfsigning:
name: &selfSigningIssuer cmpv2-selfsigning-issuer
ca:
- name: &caIssuer cmpv2-ca-issuer
+ name: &caIssuer cmpv2-issuer-onap
secret:
name: &caKeyPairSecret cmpv2-ca-key-pair
server:
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml
new file mode 100644
index 0000000000..b7c44d7c3b
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml
@@ -0,0 +1,22 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy Clamp Controlloop Runtime
+name: policy-clamp-cl-runtime
+version: 8.0.0
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/requirements.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/requirements.yaml
new file mode 100644
index 0000000000..7878f91d48
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/requirements.yaml
@@ -0,0 +1,31 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml
new file mode 100644
index 0000000000..250e91213c
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml
@@ -0,0 +1,79 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+spring:
+ security:
+ user:
+ name: ${RUNTIME_USER}
+ password: ${RUNTIME_PASSWORD}
+ http:
+ converters:
+ preferred-json-mapper: gson
+
+security:
+ enable-csrf: false
+
+server:
+ port: 6969
+ servlet:
+ context-path: /onap/controlloop
+ error:
+ path: /error
+
+
+runtime:
+ supervisionScannerIntervalSec: 1000
+ participantClUpdateIntervalSec: 1000
+ participantClStateChangeIntervalSec: 1000
+ participantParameters:
+ heartBeatMs: 120000
+ maxMessageAgeMs: 600000
+ maxStatusWaitMs: 100000
+ updateParameters:
+ maxRetryCount: 3
+ maxWaitMs: 100000
+ databaseProviderParameters:
+ name: PolicyProviderParameterGroup
+ implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl
+ databaseDriver: org.mariadb.jdbc.Driver
+ databaseUrl: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/controlloop
+ databaseUser: ${SQL_USER}
+ databasePassword: ${SQL_PASSWORD}
+ persistenceUnit: CommissioningMariaDb
+ topicParameterGroup:
+ topicSources:
+ -
+ topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: true
+ fetchTimeout: 15000
+ topicSinks:
+ -
+ topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: true
+
+management:
+ endpoints:
+ web:
+ exposure:
+ include: health, metrics, prometheus
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml
new file mode 100644
index 0000000000..43cea65306
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml
@@ -0,0 +1,103 @@
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/policy-clamp-cl-runtime/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/policy-clamp-cl-runtime/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/policy-clamp-cl-runtime/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/policy-clamp-cl-runtime/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml
new file mode 100644
index 0000000000..66c096d439
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml
@@ -0,0 +1,38 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml,yaml}").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml
new file mode 100644
index 0000000000..92e5c9e6c8
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml
@@ -0,0 +1,131 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: RUNTIME_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }}
+ - name: RUNTIME_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: cl-runtime-config
+ - mountPath: /config
+ name: cl-runtime-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["sh","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/clamp/bin/controlloop-runtime.sh /opt/app/policy/clamp/etc/mounted/clRuntimeParameters.yaml"]
+{{- else }}
+ command: ["/opt/app/policy/clamp/bin/controlloop-runtime.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/clRuntimeParameters.yaml"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: cl-runtime-config-processed
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: cl-runtime-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: cl-runtime-config-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml
new file mode 100644
index 0000000000..abbfa3fdba
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml
new file mode 100644
index 0000000000..be2449f890
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml
new file mode 100644
index 0000000000..4cf9e67c99
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml
@@ -0,0 +1,154 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ persistence: {}
+ aafEnabled: true
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+ - uid: runtime-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
+ login: '{{ .Values.config.policyAppUserName }}'
+ password: '{{ .Values.config.policyAppUserPassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-clamp-cl-runtime-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/policy-clamp-cl-runtime:6.1.2
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ policyAppUserName: runtimeUser
+ policyAppUserPassword: none
+
+db:
+ user: policy_user
+ password: policy_user
+ service:
+ name: policy-mariadb
+ internalPort: 3306
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http-api
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ port: http-api
+
+service:
+ type: ClusterIP
+ name: policy-clamp-cl-runtime
+ useNodePortExt: true
+ ports:
+ - name: http-api
+ port: 6969
+ nodePort: 42
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-clamp-cl-runtime
+ roles:
+ - read
diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml
index b391d27bb1..0ba1535346 100755
--- a/kubernetes/policy/requirements.yaml
+++ b/kubernetes/policy/requirements.yaml
@@ -61,6 +61,10 @@ dependencies:
version: ~8.x-0
repository: 'file://components/policy-clamp-cl-k8s-ppnt'
condition: policy-clamp-cl-k8s-ppnt.enabled
+ - name: policy-clamp-cl-runtime
+ version: ~8.x-0
+ repository: 'file://components/policy-clamp-cl-runtime'
+ condition: policy-clamp-cl-runtime.enabled
- name: policy-gui
version: ~8.x-0
repository: 'file://components/policy-gui'
diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh
index 7b9437217d..787ec0adbe 100755
--- a/kubernetes/policy/resources/config/db.sh
+++ b/kubernetes/policy/resources/config/db.sh
@@ -2,6 +2,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,7 +19,7 @@
mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
-for db in migration pooling policyadmin policyclamp operationshistory
+for db in migration pooling policyadmin policyclamp operationshistory controlloop
do
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 054c7be2c8..29603690b8 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -45,6 +45,13 @@ secrets:
login: '{{ index .Values "mariadb-galera" "db" "user" }}'
password: '{{ index .Values "mariadb-galera" "db" "password" }}'
passwordPolicy: generate
+ - uid: policy-app-user-creds
+ name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
+ login: '{{ .Values.config.policyAppUserName }}'
+ password: '{{ .Values.config.policyAppUserPassword }}'
+ passwordPolicy: generate
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
@@ -70,12 +77,19 @@ policy-distribution:
policy-clamp-be:
enabled: true
db: *dbSecretsHook
+ config:
+ appUserExternalSecret: *policyAppCredsSecret
policy-clamp-fe:
enabled: true
policy-clamp-cl-k8s-ppnt:
enabled: true
policy-nexus:
enabled: false
+policy-clamp-cl-runtime:
+ enabled: true
+ db: *dbSecretsHook
+ config:
+ appUserExternalSecret: *policyAppCredsSecret
policy-gui:
enabled: true
@@ -119,6 +133,10 @@ readiness:
initialDelaySeconds: 10
periodSeconds: 10
+
+config:
+ policyAppUserName: runtimeUser
+
mariadb-galera:
# mariadb-galera.config and global.mariadb.config must be equals
db:
diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml
index 070583bfc2..d769f628eb 100644
--- a/kubernetes/sdc/components/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml
@@ -35,8 +35,8 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-backend-all-plugins:1.9.0
-backendInitImage: onap/sdc-backend-init:1.9.0
+image: onap/sdc-backend-all-plugins:1.9.3
+backendInitImage: onap/sdc-backend-init:1.9.3
pullPolicy: Always
diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml
index fed4769202..223e023b28 100644
--- a/kubernetes/sdc/components/sdc-cs/values.yaml
+++ b/kubernetes/sdc/components/sdc-cs/values.yaml
@@ -38,8 +38,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.9.0
-cassandraInitImage: onap/sdc-cassandra-init:1.9.0
+image: onap/sdc-cassandra:1.9.3
+cassandraInitImage: onap/sdc-cassandra-init:1.9.3
pullPolicy: Always
config:
diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml
index e9b2eee8db..d563e80f42 100644
--- a/kubernetes/sdc/components/sdc-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-fe/values.yaml
@@ -47,7 +47,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-frontend:1.9.0
+image: onap/sdc-frontend:1.9.3
pullPolicy: Always
config:
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
index aa7d535db3..1bce6b17af 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
@@ -59,8 +59,8 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-onboard-backend:1.9.0
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.0
+image: onap/sdc-onboard-backend:1.9.3
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.3
pullPolicy: Always
# flag to enable debugging - application support required